Suspicious server probes multiply
The number of suspicious probes and scans designed to find vulnerable domain name servers on corporate networks shot up 280% last month and continues to climb, according to IT managers and a new survey conducted by a network security monitoring firm.
A survey released last week by Alameda, Calif.-based Pilot Network Services Inc. found that suspected hackers made as many as 6,000 attempts last month -- compared to approximately 2,200 in December -- to locate vulnerable domain name servers across corporate networks. Pilot collected the information for the survey from its regional network operations centers, which monitor 70,000 corporate networks belonging to Pilot clients worldwide.
The spike in the number of scans came as no surprise to many users and security experts, who said hackers are stepping up their efforts to uncover corporate systems that haven't been fixed for vulnerabilities discovered last month in the Berkeley Internet Name Domain (BIND) server from the Redwood City, Calif.-based Internet Software Consortium.
In fact, many companies don't even know they are being scanned or if their networks have been compromised, security specialists said.
Meanwhile, other experts warned that hackers with track records of developing sophisticated automated hacking tools are already planning to cross-breed Internet worms, such as the recent Ramen worm, with other DNS exploits, thus creating the potential for widespread network problems.
"There are a couple of worms on the horizon that will probably be the next breaking story," said Amit Yoran, CEO of Riptech Inc., a network security firm in Alexandria, Va. "In literally a matter of hours, a very large number of zombie hosts can be created for planned [distributed denial-of-service] attacks, multiple hopping points to cover your tracks and other activities."
IT managers across the nation also are reporting a rise in DNS-related probes, with many attributing the increase to the Jan. 29 public announcement of vulnerabilities in BIND.
Keith Morgan, a network security specialist at Terradon Communications Group LLC, a Nitro, W. Va.-based Internet software developer for Fortune 500 firms, said his company has detected more than 15,000 individual probes for vulnerabilities on its networks since October. But the scans recently shifted from those looking for vulnerable file transfer protocol servers to Port 53, where DNS resolution queries are handled in older versions of BIND.
"Our remote sites and VPN users connecting over both dial-up and broadband technologies are also reporting major increases in scans for DNS servers," said Morgan.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
